IPFs / filecoin official: strengthening public DHT against eclipse attacks

To Lianyun 2020-11-06 20:21:58
ipfs filecoin official strengthening public

With the continuous expansion of network scale ,2020 year IPFS One of the main focuses of is improving content routing . Although we are right DHT Significant improvements have been made to the request speed on (https://blog.ipfs.io/2020-07-20-dht-deep-dive/), But our other key focus is network security . In the release go-ipfs 0.5 In the previous work ,A-SIT and Graz University of science and Technology Bernd Prünster and Alexander Marsalek Contacted us , Tell us they're targeting go-ipfs 0.4.23 An attack found in the study of , This kind of attack can let the attacker eat the public with the least resources DHT Any node on . in the past 3 A small version of go-ipfs(0.5、0.6 and 0.7) in , We have always been with Bernd and Alexander Close cooperation , This allows us to release incremental improvements , Reduced their original attack , And it increases the cost and difficulty of such attacks by several orders of magnitude . Today we're going to delve into the attack and the various mitigation measures we've released . If you want to read a full paper ,“ All of the Eclipse Viruses —— disturb “ damage IPFS System ”, You can TU Graz Research portal to find it .


1. Ease the attack

Eclipse An attack is when an attacker isolates a peer from the rest of the network , The ability of a target peer to communicate only with peers controlled by an attacker . The target of this attack is to contaminate the target peer DHT Routing table , Make an attacker controlled peer exist . stay Bernd and Alexander In the attacks found , They use libp2p And a lot of pre generated Peer ID list , Created a Sybil attack , total 29TB The data of , To play libp2p The reputation system in , To take over the routing table .

If you are right about Sybil attack (https://en.wikipedia.org/wiki/Sybil_attack) Unfamiliar words , The principle is to use a single Peer A lot of pseudonyms ID To subvert the credibility system , To increase the influence on the Internet . In the context of this attack , false ID Eventually, the location of the honest peer will be replaced in the routing table of the affected peer .

To make this attack successful ,libp2p Some of the loopholes in have been exposed , And it eventually leads to this kind of attack in go-ipfs 0.4.23 It's very effective . When this attack was discovered ,libp2p One of the main problems is ,DHT There is no preference for longevity counterparts , It doesn't protect its counterpart in the lower barrel ( The peer of the other half of the network ). This problem allows attackers to quickly evict honest peers from the target's routing table , To support its dishonest counterpart . As go-ipfs 0.5 in DHT Part of the overhaul work , We changed the way entries in the routing table are managed . One of the major impact changes is , We will no longer evict available peers from the routing table . This plus we're in go-ipfs 0.5 Chinese vs DHT Other improvements made , It makes the execution of the attack more difficult by several orders of magnitude . You can IPFS 0.5 Content routing dig deep (https://blog.ipfs.io/2020-07-20-dht-deep-dive/) Read about DHT Detailed changes of .

except go-ipfs 0.5 Changes in , We also fixed a few problems , Further increases the difficulty and cost of this attack . Part of the reason for the success of the attack is that Sybil A node can play a valuable connected reputation system by abusing a defect in the way that it scores its peers as a relay . This defect can make a Sybil Nodes act as successors Sybil Peer relay , So as to continue to improve relay scores . This can use nested... For a single peer Sybils Get a lot of bad reputation quickly . To solve this problem , We applied a constant fraction to the relay , This allows us to still value them , But avoid them being able to exaggerate their reputation . By improving the integrity of the internal reputation system , We lowered Sybil The power of attack .

Another major change we've made to increase the cost of such attacks is the introduction of IP Diversity requires . The original go-ipfs 0.4.23 Attacks can be run on a single machine at a relatively low cost , Because the routing table may only contain peers from a single host . Now? ,IP Diversity requirements limit the number of peers from any host , This makes it impossible to perform an eclipse attack from a single machine , Further, the attack cost will be reduced from go-ipfs 0.5 Increased by more than two orders of magnitude .



2. Verify mitigation measures

As and Bernd and Alexander Part of the cooperation , We want to make sure that we can test and validate our fix correctly , We take two approaches .

Field test : With our permission , They launched a control attack on one of our managed bootstrap nodes on the public network . This allows us to collect real-time metrics and logs , Observe the effectiveness of the attack from our visibility and their external Observations . The controlled attack is in IPFS On each release before release , from go-ipfs 0.5 Start , This allows us to validate our fix in a production environment .

stay Testground Copy it on : because Testground(https://blog.ipfs.io/2020-05-06-launching-testground/) Development and release of , as well as Bernd and Alexander Share their attack code , We were able to create a test plan to replicate the various parts of the attack . This allows us to make large-scale test changes in a controlled test environment , Both verify that the attack is possible , And verify our mitigation measures . The benefit of having these test plans is , We can continue in IPFS and libp2p Run them on the version of , To make sure we don't introduce regression . Besides , This ensures that we can run the attack for a longer time in a controlled environment , To further analyze the effectiveness and cost of the attack .


3. Our situation today

This year , We are right. IPFS and libp2p We've made significant improvements in both performance and security , And cooperation is an important part of the success of this work .Bernd and Alexander Research done , And their willingness to work closely with us , To help us improve the stability of the network is very valuable . We appreciate the opportunity to work together . With 9 month go-ipfs 0.7(https://blog.ipfs.io/2020-09-24-go-ipfs-0-7-0/) Release , We are IPFS and libp2p On the implementation eclipse and Sybil Attacks are more difficult and costly than 0.4.23 Several orders of magnitude have been added to its predecessor .

If you haven't updated to go-ipfs 0.7, We suggest that you update as soon as possible , To take advantage of the full range of these improvements . Please check out go-ipfs 0.7 Update guide , Learn the details of how to update .

本文为[To Lianyun]所创,转载请带上原文链接,感谢

  1. 【计算机网络 12(1),尚学堂马士兵Java视频教程
  2. 【程序猿历程,史上最全的Java面试题集锦在这里
  3. 【程序猿历程(1),Javaweb视频教程百度云
  4. Notes on MySQL 45 lectures (1-7)
  5. [computer network 12 (1), Shang Xuetang Ma soldier java video tutorial
  6. The most complete collection of Java interview questions in history is here
  7. [process of program ape (1), JavaWeb video tutorial, baidu cloud
  8. Notes on MySQL 45 lectures (1-7)
  9. 精进 Spring Boot 03:Spring Boot 的配置文件和配置管理,以及用三种方式读取配置文件
  10. Refined spring boot 03: spring boot configuration files and configuration management, and reading configuration files in three ways
  11. 精进 Spring Boot 03:Spring Boot 的配置文件和配置管理,以及用三种方式读取配置文件
  12. Refined spring boot 03: spring boot configuration files and configuration management, and reading configuration files in three ways
  13. 【递归,Java传智播客笔记
  14. [recursion, Java intelligence podcast notes
  15. [adhere to painting for 386 days] the beginning of spring of 24 solar terms
  16. K8S系列第八篇(Service、EndPoints以及高可用kubeadm部署)
  17. K8s Series Part 8 (service, endpoints and high availability kubeadm deployment)
  18. 【重识 HTML (3),350道Java面试真题分享
  19. 【重识 HTML (2),Java并发编程必会的多线程你竟然还不会
  20. 【重识 HTML (1),二本Java小菜鸟4面字节跳动被秒成渣渣
  21. [re recognize HTML (3) and share 350 real Java interview questions
  22. [re recognize HTML (2). Multithreading is a must for Java Concurrent Programming. How dare you not
  23. [re recognize HTML (1), two Java rookies' 4-sided bytes beat and become slag in seconds
  24. 造轮子系列之RPC 1:如何从零开始开发RPC框架
  25. RPC 1: how to develop RPC framework from scratch
  26. 造轮子系列之RPC 1:如何从零开始开发RPC框架
  27. RPC 1: how to develop RPC framework from scratch
  28. 一次性捋清楚吧,对乱糟糟的,Spring事务扩展机制
  29. 一文彻底弄懂如何选择抽象类还是接口,连续四年百度Java岗必问面试题
  30. Redis常用命令
  31. 一双拖鞋引发的血案,狂神说Java系列笔记
  32. 一、mysql基础安装
  33. 一位程序员的独白:尽管我一生坎坷,Java框架面试基础
  34. Clear it all at once. For the messy, spring transaction extension mechanism
  35. A thorough understanding of how to choose abstract classes or interfaces, baidu Java post must ask interview questions for four consecutive years
  36. Redis common commands
  37. A pair of slippers triggered the murder, crazy God said java series notes
  38. 1、 MySQL basic installation
  39. Monologue of a programmer: despite my ups and downs in my life, Java framework is the foundation of interview
  40. 【大厂面试】三面三问Spring循环依赖,请一定要把这篇看完(建议收藏)
  41. 一线互联网企业中,springboot入门项目
  42. 一篇文带你入门SSM框架Spring开发,帮你快速拿Offer
  43. 【面试资料】Java全集、微服务、大数据、数据结构与算法、机器学习知识最全总结,283页pdf
  44. 【leetcode刷题】24.数组中重复的数字——Java版
  45. 【leetcode刷题】23.对称二叉树——Java版
  46. 【leetcode刷题】22.二叉树的中序遍历——Java版
  47. 【leetcode刷题】21.三数之和——Java版
  48. 【leetcode刷题】20.最长回文子串——Java版
  49. 【leetcode刷题】19.回文链表——Java版
  50. 【leetcode刷题】18.反转链表——Java版
  51. 【leetcode刷题】17.相交链表——Java&python版
  52. 【leetcode刷题】16.环形链表——Java版
  53. 【leetcode刷题】15.汉明距离——Java版
  54. 【leetcode刷题】14.找到所有数组中消失的数字——Java版
  55. 【leetcode刷题】13.比特位计数——Java版
  56. oracle控制用户权限命令
  57. 三年Java开发,继阿里,鲁班二期Java架构师
  58. Oracle必须要启动的服务
  59. 万字长文!深入剖析HashMap,Java基础笔试题大全带答案
  60. 一问Kafka就心慌?我却凭着这份,图灵学院vip课程百度云